Merge branch 'services.crowdsec' into services

services/crowdsec-firewall-bouncer.nix

@@ -0,0 +1,30 @@
+# Module: services/crowdsec-firewall-bouncer
+# Enrolls a traefik bouncer with the crowdsec console
+{
+  config,
+  lib,
+  pkgs,
+  pkgsUnstable,
+  inputs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.crowdsec-firewall-bouncer;
+  lapiHost = "log-01.tail755c5.ts.net:8080";
+in
+{
+  #imports = [ "${pkgsUnstable.path}/nixos/modules/services/security/crowdsec.nix" ];
+
+  options.crowdsec-firewall-bouncer = {
+    enable = mkEnableOption "Enables traefik bouncer for a specified crowdsec instance";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgsUnstable; [
+      crowdsec-firewall-bouncer
+    ];
+  };
+}

services/crowdsec-traefik-bouncer.nix

@@ -13,9 +13,6 @@ with lib;
 
 let
   cfg = config.crowdsec-traefik-bouncer;
-  crowdsecListenAddress = "0.0.0.0";
-  crowdsecPort = "8080";
-  crowdsecPrometheusPort = "6060";
   pluginVersion = "v1.4.5";
   lapiHost = "log-01.tail755c5.ts.net:8080";
   wafHost = "log-01.tail755c5.ts.net:7422";

services/services.nix

@@ -11,6 +11,7 @@
 {
   imports = [
     ./crowdsec.nix
+    ./crowdsec-firewall-bouncer.nix
     ./crowdsec-traefik-bouncer.nix
     ./docker.nix
     ./healthchecks.nix
@@ -22,6 +23,7 @@
   ];
 
   crowdsec.enable = lib.mkDefault false;
+  crowdsec-firewall-bouncer.enable = lib.mkDefault false;
   crowdsec-traefik-bouncer.enable = lib.mkDefault false;
   docker.enable = lib.mkDefault false;
   healthchecks.enable = lib.mkDefault false;